Skip to main content
8x8 SCIM Configuration Guide for Okta
8x8 Support

8x8 SCIM Configuration Guide for Okta

Objective

This configuration guide describes the feature capabilities of the SCIM integration between 8x8 and Okta for enterprise users and telephony service management, and step-by-step illustration of how to configure the integration.

Important: Okta SCIM management of 8x8 Configuration Manager users requires that those users be created in Okta, first, and then synced to Configuration Manager.

In this case, any existing users created from 8x8 Configuration Manager must first be deleted, and then recreated from Okta.

Note that Okta SSO login will work for Configuration Manager users regardless of where the user account was initiated.

Applies To

  • Configuration Manager
  • 8x8 SCIM
  • Okta

Procedure

Integration Prerequisites

  1. Log in to Configuration Manager.
  2. Click Identity Management in the Home Dashboard page.
    8x8 Okat SCIM Config 1.png
  3. For SAML Configuration, enter the IDP Login URL, IDP Issuer URL, and upload an Okta Certificate.
    • These can be obtained from the SAML 2.0 View Setup Instructions page under the Okta Sign-on tab within the 8x8 app in Okta (search 8x8, Inc. from the list of applications).
      8x8 Okta SCIM Config 2.png
  4. In User Provisioning Information, click the Generate 8x8 token button to automatically generate the 8x8 SCIM service URL and 8x8 token in the user provisioning fields. These will later need to be copied over into the Okta app for configuring the user provisioning integration.
    8X8 Okta SCIM Config 3.png
  5. If opting to sync telephony configuration back from 8x8 into Okta, you are also required to provide the URL to your Okta instance and Okta token in the Okta Sync Back Information section.
    • To get the Okta token, navigate to Security > API within Okta, click Okta API - Create New Token, and provide a token name as shown in the example below: SCIM Integration.
      8x8 Okta SCIM Config 4.png
    • Copy the generated Okta token.
    • Input your Okta URL (e.g., https://company.oktapreview.com) and Okta token into the respective Okta Sync Back Information fields, as shown in the example below.
      8x8 Okta SCIM Config 5.png
  6. Save changes made to the Identity Management page.
  7. Add the 8x8 application to the list of apps used by the company. For this, login to Okta and navigate to Admin - Applications, search for 8x8 and select the 8x8 Inc app that has both SAML and SCIM provisioning.
    8x8 Okta SCIM Config 6.png
  8. Once added, the 8x8 app will be available in your application list.
    8x8 Okta SCIM Config 7.png
  9. Click on the 8x8 inc app.
  10. In the Provisioning tab, click enable provisioning.
  11. Add the 8x8 SCIM service URL and 8x8 token from step 4 (copy the values over).
  12. Test API credentials to make sure connectivity to the SCIM Service is successful.
    8x8 Okta SCIM Config 8.png

Setting up the Integration between 8x8 and Okta

This section describes how the integration works between the 8x8 SCIM app and Okta.

User Import

Keep enabled. This is needed for telephony system attribute updates to get synced back into Okta from 8x8. This is currently supported with a polling interval that can be changed if needed.

8x8 Okta SCIM Config 9.png

Create Users

This will enable users to be provisioned into the 8x8 system This can be done with:

  • User (People) Assignment
  • User assignment within Groups

8x8 Okta SCIM Config 10.png

Update User Attributes

Changes to user profile attributes in Okta will be propagated to 8x8 automatically.

8x8 Okta SCIM Config 11.png

Deactivate Users

Users in 8x8 will be suspended automatically.

8x8 Okta SCIM Config 12.png

To enable the integration, attribute mappings between Okta and 8x8 will need to be configured. These are readily pre-configured with your 8x8 SCIM app. Following are the minimum set of attributes that are needed for a user to be automatically synced into 8x8.

From: Okta

To: 8x8

user.username

username

user.firstName

givenName

user.lastName

familyName

user.email

email

Post Configuration Steps

All user profiles that have been synced from Okta into 8x8 are now visible in the 8x8 CM user list page. For these users, a CM administrator will be able to assign licenses and configure services, after which these users may place or receive calls using their hardware endpoints or softphones (VOD/VOM), and avail of 8x8’s telephony services. End users with VOD/VOM will also have the ability to single sign-on into Okta from the softphone login page, before being able to leverage these advanced capabilities.

Additional Information

For more instructions, see the 8x8 Integration with Okta help guide.

Features

Features of the 8x8 SCIM integration include:

  • Automatic sync of Active Directory (AD) users and groups from Okta into 8x8
    • New standalone user creation
    • New user creation within Okta Groups
    • User updates
    • User deactivation
  • Telephony service enablement for users with 8x8 Configuration Manager (CM)
  • Reverse sync of telephony information from 8x8 back to Okta
    • Primary extension
    • Phone number
  • Single sign-on of users into Okta from 8x8 softphone, i.e., Virtual Office Desktop (VOD), Virtual Office Mobile (VOM)

Limitations

  • SCIM management of 8x8 users is only available to Configuration Manager accounts. It is not compatible with Account Manager. However, basic Okta SSO authentication with 8x8 will work on either platform.
  • Okta SCIM management of 8x8 Configuration Manager users requires that those users be created in Okta, first, and then synced to Configuration Manager.
  • Sync of groups from Okta to 8x8 is not available with the integration (however, sync of users within groups is available).
  • Any updates to existing usernames in Okta, for users that have already been synced, are not propagated to Federation ID in the 8x8 system.
  • In the CM Identity Management page, after entering the fields under “Send Telephony System Updates”, clicking on “Generate 8x8 Secret” and saving the changes, the fields appear blank due to a known UI bug, even though data is correctly persisted.
  • Federation ID is not visible in the CM user page after user provisioning, although it is correctly persisted.
  • Okta URL and Okta token are mandatory to configure in CM Identity Management page, if opting to sync back extension and phone number into Okta, even while using the Okta Import feature.